Commit e38e8699 authored by Jason Gunthorpe's avatar Jason Gunthorpe
Browse files

RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path 

Sashiko points out that pvrdma_uar_free() is already called within
pvrdma_dealloc_ucontext(), so calling it before triggers a double free.

Cc: stable@vger.kernel.org
Fixes: 29c8d9eb ("IB: Add vmw_pvrdma driver")
Link: https://sashiko.dev/#/patchset/0-v1-e911b76a94d1%2B65d95-rdma_udata_rep_jgg%40nvidia.com?part=4
Link: https://patch.msgid.link/r/10-v1-41f3135e5565+9d2-rdma_ai_fixes1_jgg@nvidia.com


Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
parent 34fbf48c

drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c

+1 −1
Original line number Diff line number Diff line
@@ -322,7 +322,7 @@ int pvrdma_alloc_ucontext(struct ib_ucontext *uctx, struct ib_udata *udata) 
	uresp.qp_tab_size = vdev->dsr->caps.max_qp;

	ret = ib_copy_to_udata(udata, &uresp, sizeof(uresp));

	if (ret) {

		pvrdma_uar_free(vdev, &context->uar);

		/* pvrdma_dealloc_ucontext() also frees the UAR */

		pvrdma_dealloc_ucontext(&context->ibucontext);

		return -EFAULT;

	}